[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

INTERIM DECISION: ACCEPT 9 candidates from VEN-BSD (Final 7/12)

I have made an Interim Decision to ACCEPT 9 of the candidates from
this cluster.  A Final Decision is scheduled for July 12.

- Steve


Least controversial candidates are listed first.

Voters:
  Shostack ACCEPT(9)
  Hill ACCEPT(9)
  Northcutt ACCEPT(9)


*************************
ACCEPT
*************************

=================================
Candidate: CAN-1999-0367
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-002

NetBSD netstat command allows local users to access kernel memory.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0420
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-006

umapfs allows local users to gain root privileges by changing their
uid through a malicious mount_umap program.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0422
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-007

In some cases, NetBSD 1.3.3 mount allows local users to execute
programs in some file systems that have the "noexec" flag set.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0446
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-008
Reference: XF:netbsd-vfslocking-panic

Local users can perform a denial of service in NetBSD 1.3.3 and
earlier versions by creating an unusual symbolic link with the ln
command, triggering a bug in VFS.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0466
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: NETBSD:1999-009

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier
allows a local user to read or write arbitrary files on the disk
associated with that device.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0481
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Mar22,1999

Denial of service in "poll" in OpenBSD.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0482
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Mar21,1999

OpenBSD kernel crash through TSS handling, as caused by the crashme
program.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0483
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Feb25,1999

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill


=================================
Candidate: CAN-1999-0484
Published:
Final-Decision:
Interim-Decision: 19990713
Modified:
Announced: 19990617
Assigned: 19990607
Category: SF
Reference: OPENBSD:Feb23,1999

Buffer overflow in OpenBSD ping.

VOTES:
   ACCEPT(3) Northcutt, Shostack, Hill
Page Last Updated or Reviewed: May 22, 2007